Avatar of rikmyr
rikmyr
 asked on

RRAS wont work with IIS 7.5

Hello all,
I currently run Windows Server 2008 R2, IIS 7.5 and RRAS. THe issue is when select the interface under general in RRAS and go to properties, there is a checkmark "Enable IP Router Manager" when I uncheck it Im able to ping, tracert and basically access the server from the external ip over the internet but the catch is that internally my connceted devices that use rras to connect to the internet no longer have itnernet access. And the oppsite when the box is checkmarked. Is there a way to still have internet access but access the web server or serevr in general at the same time?
Windows NetworkingWindows Server 2008Routers

Avatar of undefined
Last Comment
GRGrayban

8/22/2022 - Mon
GRGrayban

I am not 100% sure of your issue as I always have IP Routing on, But I will give you my best shot.

When enabling IP Routing, the server basically becomes a switch (local host). This is what you want. Since you are running IIS on it and TMG is also your proxy, Port issues come into play. Publishing web sites on port 80 will be a problem if you are using proxy on port 80. It is not the "best" thing to do, but you can work through this. Keep in mind the order that services start. The one that grabs port 80 1st, wins. Not to get into particular details, make sure of the following:
TMG
1. Make sure Proxy is set to a different port such as 8080
2. If you want to PING the outside NIC say from your home, create a rule to allow ICMP from external to the ip address of the outside nic.
3. Add RRAS netowrk group (or replace "internal" with "all protected") to proxy rule. Only "internal" is included in "from" for this rule by default.

RRAS Through TMG MMC (Don't modify in RRAS MMC)
1. Make sure you have routes for your local LAN and RRAS networks.
2. Make sure that a 0.0.0.0 route points to the outside

There are a lot of details I have left out here, but these are the basic check points. In the end it is very simply in theory:
- RRAS must have routes for local and external destinations
- IIS and Proxy cannot use same ports
- TMG must have rules created / modified to allow traffic to and from the internet.

Look at logging in the TMG and youw will see where traffic is getting block by a rule. The concept is very simple, but the configuration is very complex. For exact details and start-up instructions, the "isaserver" website is dedicated to the TMG/ISA/RRAS products and there are many tutorials. Just as a side note, TMG locks itself down hard and to run anything on it requires rules to be created. Expect a lot of tweaking and knowledge before you get IIS/TMG/RRAS to work perfectly together,

Good luck!
ASKER CERTIFIED SOLUTION
rikmyr

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
rikmyr

ASKER
it works!
GRGrayban

Yep, that is part of configuring TMG. Should have mentioned that NAT-ing must be on. Soundls like you have a good handle on this.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23